Results 1 to 2 of 2
Recommended Best mod_security Rules for Secure Web Servers Forum: Web Hosting ForumReplies: 0
Login a website like www.facebook.com using CGI/perl Forum: CGI Perl ForumReplies: 0
mikerowesoft.com - The public view Forum: One Stop Domains ForumReplies: 3
11-30-2005, 12:01 PM #1
secure login to website using public key cryptography
I'm learning about CGI and Perl at the moment and I have some ideas which I'm not sure are good or not.
I have a simple mysql database, which will hold user, products and order information.
I am using CGI/Perl to access that database and very simple html forms as the front end.
I really want to make a secure site, the first problem that I have thought about is the initial authorisation of a user.
my idea is in the database I will have a table that holds the username and an encrypted copy of their password xor'd with a constant SALT value (also stored in the table).
When a user goes to log on I want to send them a Random SALT value. The client will then xor the SALT with the password and encrypt it with my sites public key and send it back.
The server will take this information and decrypt it using the private key and xor it with the random SALT to get the password, it will also decrypt the password stored in the user table and xor it with the constant SALT to get the password. The passwords are then compared and if they match I will kick off the next process or allocating session variables etc.
Now, because I am new to this my questions are:
A) Is this a totally complex and stupid idea?
B) Does PERL already have libraries that do this?
11-30-2005, 10:05 PM #2
Re: secure login to website using public key cryptography
I don't know whether there are code libraries available, but a little Googling yielded a pretty good resource for authentication scripts here. Hope this helps.Music Around The World - Collecting tips, trade
and want lists, album reviews, & more